Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/ItT-G0a5OEQdys5W2sDQ2BPihLA.roa
File:                     ItT-G0a5OEQdys5W2sDQ2BPihLA.roa (raw, json)
Hash identifier:          4Lt3RwuGeDy9/smSxM0jKf9phhIWi6iJF/82z1xDez0=
Subject key identifier:   22:D4:FE:1B:46:B9:38:44:1D:CA:CE:56:DA:C0:D0:D8:13:E2:84:B0
Certificate issuer:       /CN=58b3de5f9adb50fe41f6dc78ffd0a2c9086d2512
Certificate serial:       019759D67AA5EC2A68DDA57F591C47E66F5F
Authority key identifier: 58:B3:DE:5F:9A:DB:50:FE:41:F6:DC:78:FF:D0:A2:C9:08:6D:25:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/ItT-G0a5OEQdys5W2sDQ2BPihLA.roa
Signing time:             Tue 10 Jun 2025 12:35:17 +0000
ROA not before:           Tue 10 Jun 2025 12:35:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211665
IP address blocks:        2a14:c380:220::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:59:d6:7a:a5:ec:2a:68:dd:a5:7f:59:1c:47:e6:6f:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58b3de5f9adb50fe41f6dc78ffd0a2c9086d2512
        Validity
            Not Before: Jun 10 12:35:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=22d4fe1b46b938441dcace56dac0d0d813e284b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:7a:e3:c6:d4:34:15:6e:9a:18:f7:95:9b:91:
                    86:1f:f9:68:34:bf:ab:7f:2c:fa:a8:fd:af:db:bf:
                    b2:6b:fa:6f:8d:f0:82:8b:4f:b1:f3:75:de:6f:a9:
                    e1:1d:e5:89:91:22:6d:33:83:b7:46:d0:dd:2c:a5:
                    c6:11:f9:91:a1:09:a6:50:2a:ae:44:d0:34:1b:19:
                    76:c1:e9:37:55:82:e3:42:38:fa:36:91:bc:95:f9:
                    21:80:c3:2e:58:d8:e3:39:f6:a6:90:0e:13:e3:e5:
                    a2:67:b0:59:50:9b:45:7c:05:46:76:09:39:71:31:
                    c5:09:15:83:9a:77:91:b9:3b:77:78:d3:38:8f:4b:
                    c7:09:bb:57:8b:69:64:d4:f7:f0:f6:30:c6:5a:54:
                    b4:ab:bb:f0:34:70:13:3a:9c:ff:b4:30:14:4d:5f:
                    42:7f:28:25:12:e2:a0:50:bd:10:7c:eb:ee:c6:9e:
                    7a:5c:44:ea:88:a2:52:ff:2c:ba:a4:da:d7:c6:37:
                    a9:18:54:9a:f2:2a:5e:a6:b7:62:8e:32:70:e1:b3:
                    82:3c:a5:0d:01:39:91:0a:51:4f:bc:31:42:21:ce:
                    66:ca:89:0d:72:1d:66:8a:39:96:53:93:a2:bd:9d:
                    ab:89:2b:30:44:6b:8f:40:31:8e:ba:a5:14:14:d8:
                    fc:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:D4:FE:1B:46:B9:38:44:1D:CA:CE:56:DA:C0:D0:D8:13:E2:84:B0
            X509v3 Authority Key Identifier:
                keyid:58:B3:DE:5F:9A:DB:50:FE:41:F6:DC:78:FF:D0:A2:C9:08:6D:25:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/ItT-G0a5OEQdys5W2sDQ2BPihLA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:c380:220::/44

    Signature Algorithm: sha256WithRSAEncryption
         8d:f3:3f:f0:d6:61:0b:0a:c8:e4:2d:90:7e:a1:68:89:9a:42:
         76:04:8a:80:62:4f:55:a4:67:af:a4:ae:9b:ec:5b:bf:81:ad:
         44:05:5c:ed:0f:ab:23:8b:6b:49:51:35:e4:74:2c:bf:26:ab:
         46:6a:eb:c7:a7:85:0b:c9:ed:3f:53:38:f4:c5:ea:2b:da:0e:
         aa:8c:7a:95:07:50:db:16:85:36:2b:5b:a5:fd:d4:c1:8d:8c:
         ba:6a:a1:2d:29:de:4f:1a:23:a2:75:d0:ad:ad:c1:fe:1d:bc:
         ec:31:ee:7e:1f:9e:2a:f4:00:7b:ac:71:2b:74:11:42:d1:5f:
         d0:43:66:2f:c2:d5:92:59:ab:58:fc:c1:37:21:e7:18:2d:96:
         0a:27:a6:37:36:cf:29:7b:8f:b0:6f:2a:12:ba:71:4c:28:e0:
         db:bf:6e:78:ee:a6:cc:06:f5:1c:3b:28:dd:e0:e4:9c:cf:78:
         d8:3d:f1:fa:0c:83:29:eb:6d:45:cb:39:66:07:2f:56:45:90:
         9d:99:12:f2:9f:cb:af:b7:4d:bb:46:89:e5:79:77:8d:50:79:
         f4:9e:7b:3f:5b:b4:85:15:d5:24:28:3b:e0:30:29:b0:fd:44:
         61:c8:ae:00:e5:ff:56:c4:e5:3b:28:fe:23:0f:24:be:57:2a:
         53:b1:29:96
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZdZ1nql7Cpo3aV/WRxH5m9fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YjNkZTVmOWFkYjUwZmU0MWY2ZGM3OGZmZDBhMmM5MDg2
ZDI1MTIwHhcNMjUwNjEwMTIzNTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmQ0ZmUxYjQ2YjkzODQ0MWRjYWNlNTZkYWMwZDBkODEzZTI4NGIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHrjxtQ0FW6aGPeVm5GGH/loNL+r
fyz6qP2v27+ya/pvjfCCi0+x83Xeb6nhHeWJkSJtM4O3RtDdLKXGEfmRoQmmUCqu
RNA0Gxl2wek3VYLjQjj6NpG8lfkhgMMuWNjjOfamkA4T4+WiZ7BZUJtFfAVGdgk5
cTHFCRWDmneRuTt3eNM4j0vHCbtXi2lk1Pfw9jDGWlS0q7vwNHATOpz/tDAUTV9C
fyglEuKgUL0QfOvuxp56XETqiKJS/yy6pNrXxjepGFSa8ipeprdijjJw4bOCPKUN
ATmRClFPvDFCIc5myokNch1mijmWU5OivZ2riSswRGuPQDGOuqUUFNj8KwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCLU/htGuThEHcrOVtrA0NgT4oSwMB8GA1UdIwQY
MBaAFFiz3l+a21D+QfbceP/QoskIbSUSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0xQZVg1cmJVUDVCOXR4NF85Q2l5UWh0SlJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC82Yjc0OTAtZTEwYS00MmUwLTllMmUt
NTMyMWQ2OWQ5NzlkLzEvSXRULUcwYTVPRVFkeXM1VzJzRFEyQlBpaExBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC82Yjc0OTAtZTEwYS00MmUwLTllMmUtNTMyMWQ2OWQ5Nzlk
LzEvV0xQZVg1cmJVUDVCOXR4NF85Q2l5UWh0SlJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhTDgAIg
MA0GCSqGSIb3DQEBCwUAA4IBAQCN8z/w1mELCsjkLZB+oWiJmkJ2BIqAYk9VpGev
pK6b7Fu/ga1EBVztD6sji2tJUTXkdCy/JqtGauvHp4ULye0/Uzj0xeor2g6qjHqV
B1DbFoU2K1ul/dTBjYy6aqEtKd5PGiOiddCtrcH+HbzsMe5+H54q9AB7rHErdBFC
0V/QQ2YvwtWSWatY/ME3IecYLZYKJ6Y3Ns8pe4+wbyoSunFMKODbv2547qbMBvUc
Oyjd4OScz3jYPfH6DIMp621FyzlmBy9WRZCdmRLyn8uvt027RonleXeNUHn0nns/
W7SFFdUkKDvgMCmw/URhyK4A5f9WxOU7KP4jDyS+VypTsSmW
-----END CERTIFICATE-----